Think you've been oblivous <grin>. He means this one
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------
Title:Â Â Â Â Â Cumulative Patch for Internet Explorer (828750)
Date:Â Â Â Â Â Â October 3, 2003
Software:Â Â Internet Explorer 5.01
           Internet Explorer 5.5           Â
Internet Explorer 6.0 Â Â Â Â Â Â Â Â Â Â Â Internet Explorer 6.0 for
Windows Server 2003 Impact:Â Â Â Â Run code of attacker's choice Max
Risk:Â Â Critical
Bulletin:Â Â MS03-040
Microsoft encourages customers to review the Security Bulletins at: Â Â Â
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp   Â
http://www.microsoft.com/security/security_bulletins/MS03-040.asp -
----------------------------------------------------------------------
Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In
addition, it eliminates the following newly discovered vulnerabilities:
A vulnerability that occurs because Internet Explorer does not properly
determine an object type returned from a Web server in a popup window. It
could be possible for an attacker who exploited this vulnerability to run
arbitrary code on a user's system. If a user visited an attacker's Web
site, it would be possible for the attacker to exploit this vulnerability
without any other user action. An attacker could also craft an HTML-based
e-mail that would attempt to exploit this vulnerability.
A vulnerability that occurs because Internet Explorer does not properly
determine an object type returned from a Web server during XML data
binding. It could be possible for an attacker who exploited this
vulnerability to run arbitrary code on a user's system. If a user visited
an attacker's Web site, it would be possible for the attacker to exploit
this vulnerability without any other user action. An attacker could also
craft an HTML-based e-mail that would attempt to exploit this
vulnerability.
A change has been made to the method by which Internet Explorer handles
Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone.Â
It could be possible for an attacker exploiting a separate vulnerability
(such as one of the two vulnerabilities discussed above) to cause Internet
Explorer to run script code in the security context of the Internet Zone.
In addition, an attacker could use Windows Media Player's (WMP) ability to
open URL's to construct an attack. An attacker could also craft an
HTML-based e-mail that could attempt to exploit this behavior.
To exploit these flaws, the attacker would have to create a specially
formed HTML-based e-mail and send it to the user. Alternatively an
attacker would have to host a malicious Web site that contained a Web page
designed to exploit these vulnerabilities. The attacker would then have to
persuade a user to visit that site.
As with the previous Internet Explorer cumulative patches released with
bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this cumulative
patch will cause window.showHelp( ) to cease to function if you have not
applied the HTML Help update. If you have installed the updated HTML Help
control from Knowledge Base article 811630, you will still be able to use
HTML Help functionality after applying this patch.
In addition to applying this security patch it is recommended that users
also install the Windows Media Player update referenced in Knowledge Base
Article 828026. This update is available from Windows Update as well as
the Microsoft Download Center for all supported versions of Windows Media
Player. While not a security patch, this update contains a change to the
behavior of Windows Media Player's ability to launch URL's to help protect
against DHTML behavior based attacks. Specifically, it restricts Windows
Media Player's ability to launch URL's in the local computer zone from
other zones.
Mitigating Factors:
====================
- -By default, Internet Explorer on Windows Server 2003 runs in Enhanced
Security Configuration. This default configuration of Internet Explorer
blocks automatic exploitation of this attack. If Internet Explorer
Enhanced Security Configuration has been disabled, the protections put in
place that prevent this vulnerability from being automatically exploited
would be removed.
- -In the Web-based attack scenario, the attacker would have to host a Web
site that contained a Web page used to exploit this vulnerability. An
attacker would have no way to force a user to visit a malicious Web Site.
Instead, the attacker would need to lure them there, typically by getting
them to click a link that would take them to the attacker's site.
- -Exploiting the vulnerability would allow the attacker only the same
privileges as the user. Users whose accounts are configured to have few
privileges on the system would be at less risk than ones who operate with
administrative privileges.
Risk Rating:
============
 -Critical
Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the  Â
Security Bulletins at
  Â
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
  Â
http://www.microsoft.com/security/security_bulletins/MS03-040.asp
  for information on obtaining this patch.
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION
OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBP34rCY0ZSRQxA/UrAQFmqAgAlS+ZctG+OT7Rd49WfGdz2ISdMNZ1E1ay
IpWYrj5leBrc5KTLf7fadhy9209A96gppJbV6lIWqP1gvQWrWaW8XZzyhvsX7FH+
922nYeQLUsPp3R+wA2jZP6OvcfTFOUqa4nDM9oisO7qMEc2SuDdQWont2IzeAf6h
3P6VjblfQ72pxPAYuFSRN0xKZGzqcSKqWYwy+APgjp3a+J1tO17ur+1jhz6BgI9w
CZcAOxluayX6IxOixaWFBZUmiITGFImYFY1Ql+LQSdTCVv11R+IKrhAsRwfyfA9r
7AqjjZfWrB/ScpPdrobt3W9eFSxgHCjMen7SIB5SuTldsWwpu7IBHg== =vhUD
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit
http://www.microsoft.com/technet/security/notify.asp. Â
To verify the digital signature on this bulletin, please download our PGP
key at
http://www.microsoft.com/technet/security/notify.asp. Â
To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
